State cyber-incident attribution and Trustless Computing

Misattribution of grave cyber-incidents is becoming the most important threat to global geostrategic stability.

Recently, the German Minister of Defense identified cyber attacks as the “single greatest threat to global stability”. This is not surprising given the increasing vulnerability, complexity and lack of adequate standards for critical civilian and military systems, which makes them not only overly vulnerable but also their hacking inherently very difficult to attribute.

The inadequate standards, obscurity, hyper-complexity, and forensic-unfriendlinessof even the most critical systems and processes, in fact, renders state-grade cyber-incidents very difficult to attribute in an internationally recognized way, as International Atomic Energy Agency and the International Criminal Court have enabled, at least partly, for nuclear and war crime incidents.

A possible way to significantly or substantially mitigate this huge problem for global stability could be to make so that at least the most critical systems that are radically more secure and “forensic-friendly” as determined by an international independent widely-recognized certification body, which could also act as a sort of “cyber-incident International Criminal Court” to go in and gather first-hand and assess evidence.

Seems like the current certifications are not comprehensive enough and isolated from various nation-state pressures. Perhaps there is a need for a new one. We’ll be talking about that in Berlin on May 4th. And we are proposing in detail such a Trustless Computing Certification Body.